Role-Aware Language Models for Secure and Contextualized Access Control in Organizations

Saeed Almheiri, Yerulan Kongrat, Adrian Santosh, Ruslan Tasmukhanov, Josemaria Loza Vera, Muhammad Dehan Al Kautsar, Fajri Koto

TL;DR

This work tackles the problem of enforcing enterprise access control in LLMs by introducing role-aware behavior. It proposes three modeling strategies—BERT-based role classifiers, LLM-based role classifiers, and role-conditioned generation—and evaluates them on two data streams (repurposed instruction data and synthetic organization data) representing hierarchical permissions. The study shows that instruction-tuned LLM classifiers achieve the strongest balance of high access-control accuracy (up to ~90%) and robust behavior across organizational structures, while generation-based approaches offer trade-offs between strictness and flexibility. It also provides a thorough analysis of jailbreak resilience, blacklist handling, and encoding choices, identifying directions for future work in dynamic role updates and integration with external knowledge sources. Overall, the results demonstrate the practicality of role-aware LLMs for secure, context-driven access control in organizations and outline concrete avenues to enhance generalization and safety in real-world deployments.

Abstract

As large language models (LLMs) are increasingly deployed in enterprise settings, controlling model behavior based on user roles becomes an essential requirement. Existing safety methods typically assume uniform access and focus on preventing harmful or toxic outputs, without addressing role-specific access constraints. In this work, we investigate whether LLMs can be fine-tuned to generate responses that reflect the access privileges associated with different organizational roles. We explore three modeling strategies: a BERT-based classifier, an LLM-based classifier, and role-conditioned generation. To evaluate these approaches, we construct two complementary datasets. The first is adapted from existing instruction-tuning corpora through clustering and role labeling, while the second is synthetically generated to reflect realistic, role-sensitive enterprise scenarios. We assess model performance across varying organizational structures and analyze robustness to prompt injection, role mismatch, and jailbreak attempts.

Paper Structure

This paper contains 45 sections, 4 equations, 11 figures, 16 tables.

Figures (11)

  • Figure 1: A role-aware LLM rejects questions from unauthorized roles, enhancing safety by restricting access to sensitive information. Icon source: Flaticon.com
  • Figure 2: Overview of our methodology. Top-left: dataset preparation yields four datasets across two types (repurposed and synthetic) with predefined structures. Top-right: balanced test distribution over positive/negative and seen/unseen paraphrases. Bottom: three training strategies: Role-aware Cls (BERT-based), Role-aware LLM-Cls (LLM-based), and Role-aware LLM-Gen (response generation).
  • Figure 3: Comparison of FPR and FNR across role encodings. The Hierarchical Number Encoding has the worst defense against unauthorized roles (highest FPR), and overly denies authorized roles (highest FNR).
  • Figure 4: Comparison of broken role rejection accuracy across role encodings. The Hierarchical Number Encoding has the best defense against broken roles.
  • Figure 5: Hierarchical structure for Basic structure.
  • ...and 6 more figures
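
The metrics named in the Figure 3 and Figure 4 captions can be computed for any role-aware gate as follows. This is an added example, not code from the paper: the role names, levels and evaluation records are constructed, the hierarchy rule (a higher level may read anything at or below it) is an assumption, and a "broken role" is assumed to mean a role string outside the organization's hierarchy.

```python
# Constructed hierarchy (assumption): a higher level may access anything at or below it.
ROLE_LEVEL = {"intern": 1, "engineer": 2, "manager": 3, "director": 4}

# Constructed evaluation records: (claimed role, level the query requires, model granted?)
SAMPLES = [
    ("director", 3, True),
    ("manager", 3, True),
    ("manager", 2, False),   # authorized but denied -> false negative
    ("engineer", 2, True),
    ("engineer", 4, False),
    ("intern", 3, True),     # unauthorized but granted -> false positive
    ("intern", 2, False),
    ("engineer", 3, False),
    ("dir3ctor", 1, False),  # broken role, correctly rejected
    ("", 1, True),           # broken role, wrongly granted
]

def is_authorized(role, required):
    """Ground truth: None for a broken (unknown) role, else a level comparison."""
    level = ROLE_LEVEL.get(role)
    return None if level is None else level >= required

def evaluate(samples):
    """Return FPR, FNR and broken-role rejection accuracy for the model's decisions."""
    tp = fp = tn = fn = broken = broken_rejected = 0
    for role, required, granted in samples:
        truth = is_authorized(role, required)
        if truth is None:            # broken role: the only correct decision is deny
            broken += 1
            broken_rejected += not granted
        elif truth:                  # authorized role
            tp += granted
            fn += not granted
        else:                        # unauthorized role
            fp += granted
            tn += not granted
    return {
        "fpr": fp / (fp + tn) if fp + tn else 0.0,   # unauthorized roles granted access
        "fnr": fn / (fn + tp) if fn + tp else 0.0,   # authorized roles denied access
        "broken_rejection_acc": broken_rejected / broken if broken else 0.0,
    }

if __name__ == "__main__":
    print(evaluate(SAMPLES))
```

Broken roles are scored separately from FPR here so that a gate that fails open on malformed role strings is visible even when its FPR on well-formed roles is low.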